|
Hi Mike,
I have a suggestion that may help you. We had a similar problem that was resolved by putting the QSH command
kinit -k krbsvr400/servername@domainname that would have been used in the original configuration into an initial program for each user. This command requests the Ticket Granting Ticket (TGT) from the Kerberos server, but at least on our system the TGT was only valid for 10 hours. Hence the need to run it every time a user logged in.
I should point out that SSO was working perfectly without this, and the above command was only necessary to allow access to /QNTC folders (where the folder just points to a shared folder on a Windows server), so this may not be the problem you are having.
Your problem may actually have to do with the local workstation configuration. Have a look at this:
https://www-304.ibm.com/support/docview.wss?uid=nas19a3a2d52a849457d862576f10079427c
My experience with Kerberos is that it's a pain to set up the first time, but once it's working it's pretty stable.
Good Luck!
Thanks
Adam Driver
IBM Certified Systems Administrator - System i
Consultant - Infrastructure Technician
Exacta Corporation
608.661.6697 ext 2581
adriver@xxxxxxxxxxxx<mailto:adriver@xxxxxxxxxxxx>
Please consider your environmental responsibility before printing this e-mail.
-----------------------------------------
date: Thu, 21 Jul 2011 10:27:29 +0100
from: Mike Buglass<noqnoq@xxxxxxxxxxxx>
subject: Problem with Single signon
I am attempting to set up single sign on for a customer and am having a
strange problem. I can set up a new user and they can use SSO to access
the iseries with no problem - until the next day - when any attempt to
connect with SSO returns CWBSY1011 Kerberos client credentials not
found. Troubleshooting details for Kerberos and SSO seem very thing on
the ground so any hints of where to look would be much appreciated.
Thanks
--
Mike Buglass
Fact of the Day:
The WEA Trust Health Plan has received the NO. 1 customer satisfaction score in the state three years in a row (CAHPS 2008, 2009, 2010).
- WEA Trust Confidentiality Notice -
This electronic mail message and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. Dissemination, forwarding, printing, or copying of this electronic mail without the consent of the sender is strictly prohibited. If you are not the intended recipient or the person responsible for delivering the electronic mail to the intended recipient, be advised that you have received this electronic mail in error; please immediately notify the sender by return mail.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.